# OneLogin SAML Application setup This example shows setting up a SAML application in OneLogin and connecting this to Snyk to facilitate SSO. To configure your OneLogin to use SSO with Snyk, start by obtaining an entity ID and a reply URL (Assertion Consumer Service URL) from Snyk. 1\. From the dropdown at the top left, select **GROUP OVERVIEW** and then the cog icon (top right corner) to get to your group settings.
Select group overview

Select group overview

2\. Click on **SSO** and copy the values under **Entity ID** and **ACS URL** or leave the browser tab open for easy access. 3\. Navigate to [OneLogin](https://www.onelogin.com/), open the **applications** menu, click on **Applications**, and then on the **Add App** button on the top right.
Add app

Add app

4\. Filter by “saml” and select the **SAML Custom Connector (Advanced)** app.
Select SAML Cusotm Connector (Advanced) app

Select SAML Cusotm Connector (Advanced) app

5\. Enter a **Display Name** for the app, for example, Snyk. Optionally, pick an icon. You can find the Snyk logo on Snyk’s [press kit](https://snyk.io/press-kit/) page.
Enter a display name and pick an icon

Enter a display name and pick an icon

6\. After the app is saved, go to the configuration page and enter the **Audience** (EntityID), **ACS URL,** and ACS URL Validator. Use the ACS URL value here as well. Copy the EntityID and ACS URL from step 2.
Enter application details

Enter application details

7\. Go to the parameters section and add a new parameter, as Snyk needs the email address as the `email` attribute in the SAML response. Click the **+** icon.
Add a new parameter

Add a new parameter

For the **Field name**, use **email**. Make sure the checkbox **Include in SAML assertion** is checked. **Save**.
Enter email for the field name

Enter email for the field name

On the next screen, select **Email** in the **Value** dropdown list. **Save**.
Select Email form the value dropdown

Select Email form the value dropdown

Repeat the same steps for the **name** attribute.
Enter name for the field name

Enter name for the field name

Add the name parameter

Add the name parameter

8\. Go to the **SSO** section, download the **certificate,** and make a note of the **SAML 2.0 Endpoint (HTTP)** value.
SAML 2.o Endpoint (HTTP) value

SAML 2.o Endpoint (HTTP) value

9\. To enable the app for users, go to the **Users** > **Roles** section and **create a new role** called Snyk.\ Be sure to select the Snyk SAML app as an enabled role app. **Save**.\ Then, assign this role to all the users who should be able to use Snyk.
Create Snyk role

Create Snyk role

10\. Go back to the Snyk portal, scroll to step 2, and make a note of entering the details from step 8, including the domain(s) you wish to use over the SSO connection.\ Verify if an **IdP-initiated workflow** should be enabled and then click **Create Auth0 connection**.
Enter SAML attributes in the Snyk portal

Enter SAML attributes in the Snyk portal

11\. Scroll to step 3 and determine how new users should be treated when signing in.\ Choose the option you would like to use: **Group member, Org collaborator,** or **Org admin**.\ Finally, enter the **Profile attributes** as you configured them in OneLogin (email, name, nickname), click **Save changes,** and verify you can log in, either with the direct URL at the top of step 3 or by going to the[ generic SSO login](https://app.snyk.io/login/sso).
Enter profile attributes

Enter profile attributes